Cyber security: keep your staff safe while working from home

Cyber security is an ongoing challenge for companies, and even more so when employees need to work from home at short notice. Both the public and private sector need to stay on top of security to ensure that new hires and existing employees have the right skills to minimise the risk of cyber threats.

According to a recent report published by the UK government, cyber security is seen as the most in-demand tech specialism by businesses. This echoes CWJobs’ own research, which finds that 48% of UK businesses have a basic cyber security skills gap.

Let’s take a closer look at the specific cyber security challenges businesses face with remote working and what steps they can take to protect their assets:

An increased threat of cyber attacks

The last few weeks have seen a huge increase in remote working. As such, businesses of all sizes have become more vulnerable to cyber attacks as many are still working to implement security measures in their businesses.

Researchers at Memoori have found that hackers are carrying out an increasing number of cyber attacks on all manner of organisations, including the World Health Organisation (WHO), healthcare providers and charities.

Attacks against the WHO have doubled in the last month with hackers sending phishing emails to gain the site’s access to internal email system. Memoori also reports that a COVID-19 vaccine test centre was attacked last month, as well as a Paris hospital.

Video conferencing software Zoom has had vulnerabilities exposed in its end-to-end encryption, which enabled hackers to join meetings uninvited. According to cyber security company Checkpoint more than 1700 new Zoom domains have been registered since the start of the year, of which 25% of them were registered in the past week. Of the domains registered, 4% have been found to contain suspicious characteristics.

Identifying phishing emails

Phishing emails are one of the biggest challenges that companies face when staff is working remotely. According to Info Security Magazine, hacking and phishing attempts were up 37% in March 2020.

A phishing email is a type of online scam where hackers send an email that appears to be from a legitimate company, asking the recipient to provide sensitive information or to click a link in the email body. When the recipient clicks the link, the hacker is usually given access to the company’s internal system.

It’s important that companies make their staff aware of phishing emails and provide guidance on how to identify them and what to do if they suspect they’ve received one. When an entire company is working remotely, cyber security is everyone’s responsibility.

Controlling access to IT systems

For many companies, the switch to remote working was sudden and many have had to adjust their working practices overnight. As such, some organisations haven’t had the time to create any guidance for employees on how to manage cyber security risks.

It’s essential that companies create a remote working policy that highlights cyber security best practices. Companies should explain to staff how to store devices securely and how to create strong passwords. They should also outline the technical solutions that have been put in place to protect sensitive data.

For example, many companies have implemented two-step authentication for third-party software. Some have also set up Virtual Private Networks (VPNs) to allow remote users to securely access internal resources, such as email and file services.

Helping staff protect their devices

Compromised devices can pose a number of issues to companies. Laptops, mobile phones and other devices that have been taken out of the office for remote working are vulnerable to cyber attacks, not to mention theft and damage.

Companies should encourage staff to install anti-malware software if their devices don’t already have it. Staff should also ensure that they’re using the most up-to-date versions of software and applications and be on the look out for suspicious activity like unauthorised logins.

USB drives in particular, can hold a lot of sensitive information and staff should be shown how to disable removable media using MDM settings and how to encrypt data. In some cases, it may be a good idea to ask staff to transfer files through internal storage like Dropbox, rather than via USB.

Checklist to stay protected against cyber threats

To help companies protect their business from cyber security threats when remote working, we’ve put together a checklist that covers the main areas:

1. Create a remote working policy that highlights cyber security best practices for all staff.
2. Ensure staff are aware of what phishing emails looks like and educate them on what to do if they suspect they’ve received one.
3. Make sure that new hires in their tech teams have cyber security skills to help with ad-hoc issues and projects.
4. Consider implementing two-step authentication for third-party software and implementing a VPN for staff to access internal resources.
5. Educate staff on how to protect their devices and removeable media.
6. Encourage staff to transfer files via internal storage, rather than through email or USB devices.

Enforcing cyber security practices is important now more than ever. According to cyber security company Carbon Black, up to 88% of UK companies have suffered cyber security breaches in the last 12 months. Hiscox reports that one small business in the UK is successfully hacked every 19 seconds, proof that every company is at risk, regardless of their size.

For companies looking to hire cyber security specialists, CWJobs enables recruiters to carry out Boolean searches in our CV Database to find candidates with the right skills. They can also send an e-shot and invest in programmatic ads to attract relevant passive candidates.